Lucene search
K

9 matches found

The Hacker News
The Hacker News
added 2022/02/08 3:37 a.m.65 views

Microsoft Temporarily Disables MSIX App Installers to Prevent Malware Abuse

Microsoft last week announced that it's temporarily disabling the MSIX ms-appinstaller protocol handler in Windows following evidence that a security vulnerability in the installer component was exploited by threat actors to deliver malware such as Emotet, TrickBot, and Bazaloader. MSIX, based on...

7.1CVSS7.7AI score0.10295EPSS
Exploits1
Malwarebytes
Malwarebytes
added 2021/12/16 10:47 a.m.139 views

After Log4j, December’s Patch Tuesday has snuck up on us

For anyone about to sit back after checking their environment for the Log4j vulnerabilities and applying patches where needed, here are some more things that need patching. Microsoft In 2021’s final Patch Tuesday, Microsoft included a total of 67 fixes for security vulnerabilities. The total set ...

7.5CVSS10AI score0.11963EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2021/12/15 2:15 p.m.12 views

CVE-2021-43890 Windows AppX Installer Spoofing Vulnerability

...

7.1CVSS7.1AI score0.10295EPSS
Exploits1References5
Cvelist
Cvelist
added 2021/12/15 2:15 p.m.203 views

CVE-2021-43890 Windows AppX Installer Spoofing Vulnerability

...

7.1CVSS7.3AI score0.10295EPSS
Exploits1References5
CVE
CVE
added 2021/12/15 2:15 p.m.1184 views

CVE-2021-43890

CVE-2021-43890 is a Windows AppX Installer spoofing vulnerability. An attacker could craft a malicious package to be opened by a user, leveraging the ms-appinstaller URI handler to spoof trusted UI and execute code at the user’s level after social engineering (phishing). Attacks have been associa...

7.1CVSS8.4AI score0.10295EPSS
In wildExploits1References6Affected Software1
The Hacker News
The Hacker News
added 2021/12/15 7:14 a.m.181 views

Microsoft Issues Windows Update to Patch 0-Day Used to Spread Emotet Malware

Microsoft has rolled out Patch Tuesday updates to address multiple security vulnerabilities in Windows and other software, including one actively exploited flaw that's being abused to deliver Emotet, TrickBot, or Bazaloader malware payloads. The latest monthly release for December fixes a total o...

10CVSS9AI score0.11963EPSS
Exploits5
Circl
Circl
added 2021/12/15 4:0 a.m.19 views

CVE-2021-43890

creationtimestamp| type| source ---|---|--- 2021-12-15 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=704 2021-12-15 17:34:38+00:00| seen| https://t.me/truesecator/2447 2021-12-15 18:20:35+00:00| seen| https://t.me/cibsecurity/34035 2022-02-06 21:38:36+00:00| exploited|...

7.1CVSS7.4AI score0.10295EPSS
Exploits1References10
VulnCheck KEV
VulnCheck KEV
added 2021/12/14 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-43890

Microsoft Windows AppX Installer contains a spoofing vulnerability which has a high impacts to confidentiality, integrity, and availability...

7.1CVSS7.3AI score0.10295EPSS
Exploits1References1
Kaspersky
Kaspersky
added 2021/12/14 12:0 a.m.51 views

KLA12386 Multiple vulnerabilities in Microsoft Apps

Multiple vulnerabilities were found in Microsoft Apps. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Microsoft Office app can be exploited remotely to...

9.6CVSS9.4AI score0.10295EPSS
Exploits1References4
Rows per page
Query Builder